ERM: Solve Business Problems

Enterprise risk management —  correctly implemented — has an immediate practical benefit: to solve chronic and intractable business problems.

That might sound surprising, as many conceive of ERM as a compliance exercise, with purported eventual benefits, such as reduced volatility, managing strategic risk and lowering the cost of capital. But the value should be evident right away. How does ERM solve chronic and intractable business problems? Only if there is a very sharp, comprehensive and rigorous risk identification and assessment process. The trouble is that most embarking on risk ID use either a conventional approach (limited to, say, hazard risk, or “exposure to assets”) or use an ad hoc, informal approach, with no guidelines.

The challenge of developing high quality risk information (see my pdf) is the first concern when designing an ERM program. If one pays attention to that, then risk information is transformed magically from a heap of re-hashed issues into an incisive and insightful analysis of the most critical business problems.

I have experienced this time and again with clients. Once the rigour and structure is properly introduced into the exercise, the chronic difficulties which had always escaped definition and proper analysis suddenly come to light.

The end result is people have much more confidence in their ability to manage the business at hand. They now see and understand previously undetected and unsuspected underlying risk, and are prepared to fix these conditions and move the organization forward.

Read More

Hidden Strategic Risk

2013-07-24 / How to do Risk Assessment / 0 Comments

strategic riskHow is it that strategic risk assessment misses the obvious?  It seems the most fundamental risks, although right out in the open, are not recognized as risks.

How to Identify Strategic Risk
First, the basic process: As discussed in previous posts, strategic risk assessment should be a review of goals, objectives and corporate values, as expressed in a plan. Risk assessment benefits from a multi-disciplinary round table reviewing the schedule of intended action. The risk lens brings to light the things that may prevent the successful execution of the plan.

Tracing through all stages of the plan, ask the question: What could hinder or prevent the accomplishment of this particular objective?; or, What could compromise the safeguarding of this professional value? In the broadest analysis, it is a matter of identifying phenomena that call into question the strategic direction, approach to a project, or feasibility of a program. The mitigation of such risk involves action on the same scale: to shift the planned direction; to build up one aspect of the business; to attenuate another.

But there is always some unique twist in a risk assessment… Read the rest of this entry »

Read More

Systemic Risk – Challenging Assumptions

Risk managers should contribute to long range planning and analysis. They can cause planners and modellers to recast their assumptions. In a recent workshop, participants and I were discussing risk assessment of the firm’s strategic plan, and considered wider systemic risk and emerging risk, that could undermine the organization.

On the issue of strategic risk, I first draw the reader’s attention to my 6-part series in which I discussed high quality risk assessment and future scenarios; strategic identity; stakeholders; and environmental scan. The essential point in that series is that risk assessment should be part of a complete research and planning process, including methods to deal with “black swan” risks and high uncertainty.

In this post, I want to elaborate on the idea of risk managers questioning assumptions that typically go unchallenged.

Read the rest of this entry »

Read More

Reprint – Risk Analysis for Tough Issues

Edward Robertson-article-risk-management-magazineThe Economist’s risk management study in 2010 found that there is a continuing perception of risk management as: “…support function staffed with narrowly focused specialists, such as business continuity planners, insurance buyers, or health and safety officers…” (Fall guys – risk management in the front line). Then Forbes/Deloitte reported in 2012 that a significant sector of corporate employees are “unaware of what they need to do concerning risk”. (Aftershock: adjusting to the new world of risk management).

Back December 2006 I published an article with Risk Management Magazine. It is relevant to the question of broadening the risk manager’s role to bring risk assessment to strategic planning and policy. I wouldn’t change a word of it today.

Read the rest of this entry »

Read More

Definitions: ERM and Risk Assessment – Part 1/2

definition enterprise risk management, risk assessment Enterprise Risk Management is a relatively young discipline. There is no universal agreement on what it really consists of. In some of the academic literature, the definition is assumed. Authors don’t bother with it, and yet actual practice of what people call ERM is varied.

I want to give a critique of some of the definitions of Enterprise Risk Management having currency in management discourse, and then propose my own definition of ERM. Standards such as ISO or AS/NZ 4360 do not define or even contain the term Enterprise Risk Management. But they do define risk itself consistently as being associated with the organization’s goals and objectives.

Read the rest of this entry »

Read More

ERM Case Study – Part 3/5

Entrepreneurial universityThis is the next post in the Enterprise Risk Management implementation case study of Camosun College, B.C., Canada.

Project Approach – Key Players

As mentioned previously, the idea for enterprise risk management came from the Board of Governors, who were keen to participate in the provincial government’s foray into the new practice. While many public sector executive seemed at least intellectually to accept the idea of applying risk methods to strategy, the Board wanted to see it done and effect some real changes.
Read the rest of this entry »

Read More

Create Your Own Risk Management Examples

Experimenting with the Risk Management Process

In previous 3 posts, I described the agenda I use for the “Enterprise Risk Management-Developing and Implementing” workshop, to get participants to work through their own risk management challenges. I also reported on requests expressed in online course feedback. Many want case studies.

In the earliest days of implementing ERM in BC Provincial Government, I remember saying to the Deputy Minister of Finance that, notwithstanding our own innovative risk financing programs, we couldn’t find sufficient examples of the new enterprise-wide approach. He responded by saying that we would have to create our own examples.
Read the rest of this entry »

Read More

Requests for Risk Management Case Studies

Online Risk Management Course – Requests for Case Studies

In the previous post, I mentioned that many online and on site course participants have  requested specific advice on managing risks in one or another domain; for example (to repeat):


Specific insurance coverages
First party claims
Operational risk
Risk management in the energy field
Marketing risks
Property and casualty insurance

I have been able to answer certain requests with online course materials and blog posts.

Read the rest of this entry »

Read More